The Fraud Examiner

Data Breach Highlights People’s Predilection for Weak Passwords

The recent news that the passwords and login credentials for approximately two million online accounts were stolen and posted online serves as a reminder of the importance of password security. The stolen credentials were for all kinds of user accounts, including those on Facebook, Google, LinkedIn, Twitter, Yahoo and ADP payroll services.

The account credentials were harvested by a botnet, according to researchers at security firm Trustwave, who discovered the data while investigating the server that cyber criminals use to control the “Pony” botnet. A botnet is a network of Internet-connected computers that have been infected with malware that puts them under the command and control of a remote operator who uses the infected devices to carry out criminal activities.

Analysis of the Stolen Passwords

The Trustwave researchers analyzed the compromised passwords to learn about the password habits of Internet users, and the analysis, like similar studies, demonstrated that many Internet users have poor password practices. In particular, the analysis revealed that many Internet users employ simple, predictable passwords, with the most common being “123456.” About half of the passwords contained only one character type, and many were derived from common keyboard patterns and swipes (e.g., 1234 and qwerty).
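
The two measurements described above (the share of passwords that use a single character type, and the share built on keyboard patterns) can be applied to a list of candidate passwords at set or reset time. The sketch below is an added example, not Trustwave's tooling; the function names, the four-character run threshold and the sample list are constructed assumptions.

```python
from collections import Counter
import string

# Assumption: a "keyboard pattern" is 4+ consecutive characters taken from a
# QWERTY row, the digit row or the alphabet, read in either direction.
MIN_RUN = 4
RUNS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm", string.ascii_lowercase]

def char_types(pw):
    """Set of character types (lower, upper, digit, symbol) used in pw."""
    kinds = set()
    for c in pw:
        if c.islower():
            kinds.add("lower")
        elif c.isupper():
            kinds.add("upper")
        elif c.isdigit():
            kinds.add("digit")
        else:
            kinds.add("symbol")
    return kinds

def longest_run(pw):
    """Length of the longest substring of pw that follows one of RUNS."""
    s, best = pw.lower(), 0
    for run in RUNS:
        for seq in (run, run[::-1]):
            for i in range(len(s)):
                # Only test substrings longer than the best found so far.
                for j in range(len(s), i + best, -1):
                    if s[i:j] in seq:
                        best = j - i
                        break
    return best

def flags(pw):
    """Which of the two weaknesses named in the analysis apply to pw."""
    found = []
    if len(char_types(pw)) == 1:
        found.append("single character type")
    if longest_run(pw) >= MIN_RUN:
        found.append("keyboard pattern")
    return found

def audit(passwords):
    """Summarise a password list: top entry and percentage per weakness."""
    n = len(passwords)
    hits = Counter(f for p in passwords for f in flags(p))
    return {"most_common": Counter(passwords).most_common(1)[0][0],
            "single_type_pct": round(100 * hits["single character type"] / n),
            "pattern_pct": round(100 * hits["keyboard pattern"] / n)}

# Constructed sample for illustration only; not data from the breach.
SAMPLE = ["123456", "123456", "qwerty", "password", "Summer2013",
          "tr0ub4dor&3", "zxcvbn1", "Blue-Heron-42", "654321", "letmein"]
```

These two checks cover only the weaknesses named in the analysis; a password that passes both (such as a season followed by a year) can still be easy to guess.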